I know that THERE ARE MANY questions about this and I have been looking for hours for my solution and I just can't seem to find what is wrong with my code, besides seeing that mysql_query should be changed to mysqli_query but when I change it it gives me even more error messages and I don't know what else to try now. Please help if you can, this is starting to take a lot of my time. THANKS! (Don't criticize by saying "there's so many of the same questions" I think every person ends up posting theirs because they couldn't find an answer to their problem because it doesn't match the others, at least in my case I looked before asking with no success.)

As per EVERY OTHER QUESTION LIKE THIS, one or more of your queries has failed. Your code blindly (and stupidly) assumes success, and tries to plough onwards, ignoring the path of failure and destruction behind it. Never EVER assume a database query has succeeded. ALWAYS check for success/failure at every stage.
–
Marc BMay 30 '13 at 18:40

2 Answers
2

When passed an UPDATE query, mysql_query() returns boolean TRUE for success and FALSE for failure, while mysql_num_rows() only accepts a resultset resource as its argument. In order to determine how many rows the UPDATE query affected, call mysql_affected_rows() with the connection resource as its argument.

It's not causing the problem you're having right now, but you would be extremely well advised to append or die(mysql_error()) to your mysql_query() calls, in order to catch any MySQL errors which occur. You would be even better advised to abandon the mysql_* functions entirely in favor of the PHP PDO extension, as recommended in the PHP manual, and which really doesn't incur much more cognitive overhead in exchange for the vast benefits it offers in capability and security.

Leaving that aside, here's how I would change your code so that it behaves more like what you have in mind:

<?php
// obtain a database connection
$dbConn = mysql_connect($serverName, $user_name, $password)
or die("Cannot connect to server: " . mysql_error() . "<br />\n");
// mysql error number rarely adds enough information to be worth including
// select the database
mysql_select_db($db_name, $dbConn)
or die("Couldn't select $db_name: " . mysql_error() . "<br />\n");
// obtain escaped versions of query data for inclusion in update query
// it is imperative to use mysql_real_escape_string() or equivalent if you're
// going to use mysql_* functions instead of the far preferable PDO
// prepared statements; if you don't escape your data, you leave open the
// possibility of SQL injection, which someone will certainly soon use to
// screw up your website horribly
$id = mysql_real_escape_string($_GET['id']);
$additional_notes = mysql_real_escape_string($_GET['additional_notes']);
// assemble query to pass to mysql_query()
// no need for parentheses around the string; in fact i'm surprised that
// didn't result in a parse error
// also FYI re backticks, MySQL uses them to denote literal database/table/
// column names -- they're optional unless required to disambiguate between
// an entity name and a reserved word. for example, you can create a table
// containing a column named 'key', which is a MySQL reserved word, but you
// thereafter must refer to that column as `key`, with backticks, in any
// queries, to hint to MySQL's parser that you mean the column by that name
// and not the reserved word; otherwise, it's a parse error.
$sql = "UPDATE `rmstable2` SET `additional_notes` = '$additional_notes' WHERE `id` = '$id'";
// actually run the query
// this being an UPDATE query, the result is boolean and offers no
// additional useful information, so you need not capture it in a variable;
// the 'or die' clause will fire if it's false, and if it's true, you'll
// use mysql_affected_rows() to get the additional info you need.
mysql_query($sql)
or die(mysql_error());
// if the query failed, the script die()d on the previous line and didn't
// get here; if it did get here, you know the query succeeded
$resultcount = mysql_affected_rows($dbConn);
// this is technically correct but semantically odd; since you already included
// the 'additional_notes' value in the previous UPDATE query, and since
// that query certainly succeeded if we're evaluating this code at all,
// why run the same query again?
if ($resultcount == 1) {
mysql_query("UPDATE `rmstable2` SET `additional_notes` = '$additional_notes' WHERE `id` = '$id'")
or die(mysql_error());
}
// again, the 'or die' clauses mean that we can only have reached this point
// if the queries succeeded, so there's no need for an if() test here
echo "Update Successful!";
echo '<h3>Your case has been updated.</h3>';
// note the backslashes before the embedded double quotes; single quotes in
// tag attributes are technically invalid but most browsers will accept them,
// but you can use double quotes within a double-quoted string if you precede
// the embedded quotes with backslashes (called "escaping") to indicate that
// they're not to be taken as the end of the string
// (i.e., "\"\"" == '""')
echo "To see your changes please click <a href=\"/fullcase.php?id=$id\">here</a></b>";
?>

I did the or die(mysql_error()) and the same error is there. My code is a restart of my starting code that worked last year. I tried the error checks and they gave me the same error. My query is successful, I know because it updates my database. Not every situation is the same.
–
AlexandraMay 30 '13 at 18:47

You're correct; my apologies. I've had to spend a lot of time reworking what I shall charitably call naive code in which the failure to check for errors from mysql_query() results in all sorts of problems, and I suspect I am therefore overly sensitive on the subject; I'll edit my answer to provide useful advice.
–
Aaron MillerMay 30 '13 at 18:51

1

THANK YOU! I feel attacked with all the people telling me things as if they were obvious when I know they are not because I have spent a long time trying to fix them. I know I have things wrong that is why I need help. Thank you for understanding.
–
AlexandraMay 30 '13 at 18:56

@Alexandra Try the version I sent few minutes ago.
–
ManjuMay 30 '13 at 19:00

@Alexandra Most welcome. If it helps, there's nothing personal in all the vitriol being flung your way; it's just that there are a lot of web developers who have spent so much time dealing with problems engendered by ill-implemented PHP database code that the sight of it provokes reflexive rage. Some of us might be a bit better at controlling that reflex than others, but judging by the sorry showing we've made here, I doubt any of us are particularly good at it.
–
Aaron MillerMay 30 '13 at 19:03

It is now returning a boolean for both mysql_num_rows() and mysql_affected_rows() and saying it was not successful and that it was successful at the same time. It did still update the database though.
–
AlexandraMay 30 '13 at 19:04

@Manju Okay, but why didn't you comment out the original versions of the lines you changed, or check mysql_error() after the first query?
–
Aaron MillerMay 30 '13 at 19:04